CVE-2012-5557
 
Severity Score: 3.6 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password.
*Credits:
N/A
Timeline
- 2012-10-24 CVE Reserved
- 2012-12-03 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (4)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2012/11/20/4 | Mailing List | |

URL | Date | SRC |
---|---|---|
http://drupal.org/node/1840038 | 2012-12-04 | |
http://drupal.org/node/1840054 | 2012-12-04 | |
http://drupal.org/node/1840886 | 2012-12-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
User Read-only Project | User Readonly | 6.x-1.0 | - | Affected | in | Drupal | Drupal | - | - | Safe |
User Read-only Project | User Readonly | 6.x-1.1 | - | Affected | in | Drupal | Drupal | - | - | Safe |
User Read-only Project | User Readonly | 6.x-1.2 | - | Affected | in | Drupal | Drupal | - | - | Safe |
User Read-only Project | User Readonly | 6.x-1.3 | - | Affected | in | Drupal | Drupal | - | - | Safe |
User Read-only Project | User Readonly | 6.x-1.x | dev | Affected | in | Drupal | Drupal | - | - | Safe |
User Read-only Project | User Readonly | 7.x-1.0 | - | Affected | in | Drupal | Drupal | - | - | Safe |
User Read-only Project | User Readonly | 7.x-1.1 | - | Affected | in | Drupal | Drupal | - | - | Safe |
User Read-only Project | User Readonly | 7.x-1.2 | - | Affected | in | Drupal | Drupal | - | - | Safe |
User Read-only Project | User Readonly | 7.x-1.3 | - | Affected | in | Drupal | Drupal | - | - | Safe |
User Read-only Project | User Readonly | 7.x-1.x | dev | Affected | in | Drupal | Drupal | - | - | Safe |